Aggregator
ATT&CK Practice Enters Deep Water --- Stop Blindly Trusting ATT&CK Coverage
4 months ago
Protecting children online: Where Florida’s new law falls short
4 months ago
Some of the state’s new child safety law can be easily circumvented. Should it have gone further?
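ATT&CK Practice Enters Deep Water --- Stop Blindly Trusting ATT&CK Coverage
4 months ago
Introduction: Beyond the routine content of version updates, research institutions, academia and industry have all taken ATT&CK into deeper practice. Detection content in particular has seen more in-depth practice and validation, which has, based on real-world results, "demystified" the ATT&CK coverage number. Beyond detection engineering, in threat prediction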
Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313
4 months ago
Jan 14, 2025 There's a pernicious myth that developers don't care about security. In practice, they c
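First Maximum-Score Vulnerability of 2025: Cloud Attackers Exploit Aviatrix Controller Flaw to Plant Malware
4 months ago
The vulnerability is scored as high as 10, and attackers are using it to plant malware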
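How PWN Do You Want to Be
4 months ago
Kanxue (看雪) forum author ID: stonectf
[Pre-sale] Introduction to Drone Security Attack and Defense: Get Hands-On with Radio and Protect Privacy and Safety in the Air!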
4 months ago
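How PWN Do You Want to Be
4 months ago
✦ 1. The arsenal you need to prepare for pwn ✦ ✦ 2. Secondary weapons ✦ ◆ file <program name>: shows the file type and some general information ◆ readelf -a <program name>: shows all sections, the symbol table and other information of the ELF file ◆ hexdump <program name>: takes the instructions, data, etc.
[Pre-sale] Introduction to Drone Security Attack and Defense: Get Hands-On with Radio and Protect Privacy and Safety in the Air!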
4 months ago
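Today, drones have become an important tool across all industries, and their applications keep widening, from military reconnaissance to logistics delivery, from film shooting to agricultural monitoring. As drone technology spreads, its security problems are also becoming more prominent, for example drones being hacked, data leaks, loss of flight control and other security
First Maximum-Score Vulnerability of 2025: Cloud Attackers Exploit Aviatrix Controller Flaw to Plant Malware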
4 months ago
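On January 14, 2025, cybersecurity researchers found that cloud attackers are exploiting a vulnerability called Max-Critical Aviatrix RCE (tracked as CVE-2024-50603), which scores as high as 10 on the CVSS scale (the maximum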
Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details
4 months ago
A critical flaw in Google’s “Sign in with Google” authentication system has left millions of Americans vulnerable to potential data theft. This vulnerability mainly affects former employees of startups, especially those that have ceased operations. According to Truffle Security, the root cause stems from how Google’s OAuth login interacts with domain ownership changes. When a […]
The post Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Gurubaran
CVE-2000-0317 | Sun Solaris 2.6/7.0 lpset Command -r memory corruption (EDB-19872 / XFDB-4359)
4 months ago
A vulnerability was found in Sun Solaris 2.6/7.0. It has been classified as critical. Affected is an unknown function of the component lpset Command. The manipulation of the argument -r leads to memory corruption.
This vulnerability is traded as CVE-2000-0317. An attack has to be approached locally. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
NPM command confusion
4 months ago
Intro
[Official Release] 吾爱破解 Forum 2024 Excellent and Featured TOP List (Part 1)
4 months ago
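The eventful year 2024 has drawn to a close. Looking back on it, the 吾爱破解 forum produced a steady stream of excellent work: newcomers made their mark, veterans showed they had lost none of their edge, and one incisive yet accessible technical article after another appeared, almost too many to take in.
Ministry of Finance Proposes Prison Terms for Leaking Banking and Tax Secrets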
4 months ago
Russia is toughening penalties for the illegal distribution of financial data.
CVE-2010-4930 | Atmail Webmail up to 6.1.9 index.php MailType cross site scripting (EDB-34690 / Nessus ID 49696)
4 months ago
A vulnerability was found in Atmail Webmail up to 6.1.9. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument MailType leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2010-4930. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
UK Registry Nominet Breached Via Ivanti Zero-Day
4 months ago
The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products